if role of user changed, permissions change

2025-08-06 14:27:44 +03:30
parent 30dcdb2db6
commit 0696eba624
1 changed files with 10 additions and 4 deletions
--- a/apps/authorization/api/v1/serializers.py
+++ b/apps/authorization/api/v1/serializers.py
@@ -8,7 +8,6 @@ from apps.authorization.models import (
    Page
 )
 from apps.authentication.api.v1.serializers import serializer as auth_serializer
-from apps.authentication.models import Organization
 import itertools


@@ -146,9 +145,16 @@ class UserRelationSerializer(serializers.ModelSerializer):
    def update(self, instance, validated_data):
        """ update user relation object """

-        instance.role = validated_data.get('role', instance.role)
+        # if role of user changed, clear all permissions and set new role permissions for user
+        if not instance.role == validated_data.get('role', instance.role):
+            instance.role = validated_data.get('role', instance.role)
+            instance.permissions.clear()
+            instance.permissions.add(*instance.role.permissions.all())
+
        instance.organization = validated_data.get('organization', instance.organization)
        instance.save()
-        instance.permissions.clear()
-        instance.permissions.add(*(validated_data.get('permissions', instance.permissions)))
+
+        if validated_data.get('permissions'):
+            instance.permissions.clear()
+            instance.permissions.add(*(validated_data.get('permissions', instance.permissions)))
        return instance